On Wed, 9 Oct 2019 at 16:34, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>
> On 2019-10-09 14:58, Jonathan Billings wrote:
> > On Wed, Oct 09, 2019 at 02:47:19PM -0500, Valeri Galtsev wrote:
> >> Could someone enlighten me about the following file:
> >>
> >> /etc/subuid
> >>
> >> ? This file appears to be owned by "setup" package. This is CentOS 7 system,
> >> and until now these files if existed were never changed. Today I have added
> >> user quite routine way, by doing
> >>
> >> /usr/sbin/groupadd -g 4500 [username]
> >> /usr/sbin/useradd -g [username] -u 4500 -c "User Name, email at domain"
> >> [username]
> >>
> >> And the file /etc/subuid changed and user was added into it:
> >>
> >> [username]:100000:65536
> >
> > I'm not sure what else it's used for, but /etc/subuid and /etc/subgid
> > are used by podman for rootless containers (i.e. you can run a
> > container without any root permissions). subuid/subgid is used to map
> > a range of UID/GIDs to the process namespace inside the kernel.
> >
> > Some details here:
> >
> > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/managing_containers/index#set_up_for_rootless_containers
> >
> > It's actually pretty cool.
> >
> > So, now when accounts are created with useradd, subuids are assigned
> > to that new user.
> >
> > Unfortunately, this doesn't really work in an enterprise environment
> > when users are defined via LDAP, since no subuid/subgid entries are
> > created, but I've heard that there's an effort to make that happen in
> > the NSS layer in the future.
> >
>
> Thank you, Michael and Jonathan for your answers.
>
> I have one more question (which I probably will just answer myself by
> kickstart installing fresh new system...):
>
> Did something change and now by default useradd command adds user in
> that file (by default without me using extra flag etc)? In other words
> is it just me or indeed the command we used since forever suddenly
> changed its behavior?
>

I believe it is a new behavior (by about a year). This file was not in
earlier versions of RHEL because my systems only seem to have it showing
up after 2018-10.

> Thanks again for your insights everybody.
>
> Valeri
>
> --
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

--
Stephen J Smoogen.
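
An added example, not part of the thread or of any project's code: a small audit of the owner:start:count entries discussed above, flagging ranges that overlap between different owners or that cover a UID already held by a real account (such as the 4500 used in the original post). The sample entries, the extra users and the function names are constructed for illustration.

```python
from typing import List, NamedTuple, Set, Tuple

class SubRange(NamedTuple):
    owner: str
    start: int
    count: int

    @property
    def end(self) -> int:
        return self.start + self.count - 1  # last host ID in the range, inclusive

def parse_subid(text: str) -> List[SubRange]:
    """Parse owner:start:count lines as found in /etc/subuid and /etc/subgid."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.strip().split(":")
        if len(fields) != 3 or not fields[0] or not all(f.isdigit() for f in fields[1:]):
            raise ValueError(f"line {lineno}: expected owner:start:count")
        rng = SubRange(fields[0], int(fields[1]), int(fields[2]))
        if rng.count == 0:
            raise ValueError(f"line {lineno}: empty range")
        ranges.append(rng)
    return ranges

def overlaps(ranges: List[SubRange]) -> List[Tuple[SubRange, SubRange]]:
    """Pairs of ranges with different owners that share at least one host ID."""
    ordered = sorted(ranges, key=lambda r: r.start)
    found = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start > a.end:  # sorted by start, so nothing later can overlap a
                break
            if a.owner != b.owner:
                found.append((a, b))
    return found

def covers_real_uids(ranges: List[SubRange], real_uids: Set[int]) -> List[Tuple[SubRange, int]]:
    """Ranges that contain a UID already assigned to an ordinary account."""
    return [(r, uid) for r in ranges for uid in sorted(real_uids) if r.start <= uid <= r.end]

# Constructed sample: bob and carol overlap; dave's range covers real UID 4500.
SAMPLE = """\
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:4000:1000
"""
```
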